Coder Social home page Coder Social logo

access_control's Introduction

AUR

Access Control

Capability-based access control for Ethereum smart contracts.

Get started

  1. npm install --save @daostack/access_control

  2. Use it in your smart contract

    import "@daostack/access_control/contracts/Permissioned.sol";

contract Foo is Permissioned {
    // Foo stuff...
}

Check out the documentation for more!

Concept

The basic idea is that there are a set of "locks"/"topics" each with a set of "keys". A contract can protects one of it's methods with a lock (or more) such that anyone with the appropriate key can use it to access this method. Each key can have a start time, expiration time, number of uses. Accounts can also transfer some (or all) of their capabilities to other accounts if allowed. Initially the contract itself has a "master key" (infinite uses, no expiration, no start time limitation), and then it can pass some partial capabilities to the desired accounts.

Features:

  • Can define a number of uses & expiration date & start time on keys and if to enable the key to be transfrred.
  • Accounts can assign partial (or full) abillites to other accounts (if allowed).
  • We can use advanced lock ids to lock a method even on specific parameters, enforce ordering, or other properties (see example).
  • Can define complex boolean predicates to protect methods.
  • No performance loss over hand-crafted mechanisms.

Benefits:

  • Declarative policy (no more sprinkling ifs all over the codebase)
  • Easy control flow (ordering, timing, number of function calls) restrictions (e.g. only allowed to call B after calling A twice within 2 days).
  • Allows accounts to call functions themselves instead of delegating through other contracts.
  • Generalized logging mechanism: key usage events can be queried by clients to know whether a method was called and by which account, key revocations can be used to know when users no longer have access to a method.
  • Easier security since we need to verify less code.

Contribute

  1. git clone [email protected]:daostack/access_control.git && cd access_control
  2. npm install / yarn

Available Commands:

  • npm run ganache
  • npm run lint
  • npm run test
  • npm run build
  • npm run docs:<update|build|deploy|preview>

access_control's People

Contributors

ben-kaufman avatar tsuberim avatar leviadam avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.